Executive Briefing July 28, 2017

VFI published a blog today encouraging you to write your members of Congress to call on the FCC to make three unused TV white spaces channels available for high-speed internet in every market in the nation.

HILL UPDATE

BSA | The Software Alliance commends Senators Orrin Hatch (R-UT), Chris Coons (D-DE), and Dean Heller (R-NV) for their introduction of S. 1671, the International Communications Privacy Act (ICPA) in the Senate. This legislation has an important impact on the future of cloud technology and jobs in the United States. BSA signed a joint industry letter to the Senate Judiciary Committee voicing its support for ICPA. We look forward to working with the bill’s sponsors and other Members of Congress to pass legislation that modernizes law enforcement access to data stored overseas.

The Hill, reported that Sens. Patrick Leahy and Mike Lee plan today to introduce the ECPA Modernization Act of 2017 to update the Email Communications Privacy Act of 1986. Outlets detailed previous attempts to update ECPA, noting that the proposed bill would require law enforcement to obtain a warrant to access a person’s emails. The Hill and Recode went into detail about other reforms contained in the bill, including requirements for gag orders and law enforcement access to location data.

Senate lawmakers plan to restart their push tomorrow for new rules that would prevent U.S. law enforcement from seeking some suspects’ emails, location information and other sensitive data without first obtaining a warrant. For years, Democrats and Republicans alike have harbored deep reservations with a gap in federal law that spares investigators from having to appear in front of a judge and demonstrate probable cause before they could obtain certain kinds of data. Those decades-old rules predate even companies like Google — and never anticipated the day that consumers would conduct much of their daily lives digitally. Seeking to update the 1986 Electronic Communications Privacy Act, however, has long vexed Congress, where lawmakers have struggled to find the right balance between privacy and national security.

The biggest websites and the biggest Internet service providers are being summoned to Congress to testify about net neutrality. US Rep. Greg Walden (R-Ore.), chair of the House Energy and Commerce Committee, said he is scheduling a full committee hearing titled, “Ground rules for the Internet ecosystem,” for September 7. “Today I’m sending formal invitations to the top executives of the leading technology companies including Facebook, Alphabet, Amazon, and Netflix, as well as broadband providers including Comcast, AT&T, Verizon, and Charter Communications, inviting each of them to come and testify before our full Energy and Commerce Committee,” Walden said during a Federal Communications Commission oversight hearing this morning.

The House Homeland Security Committee will consider legislation this week that would reorganize and elevate the Department of Homeland Security’s cybersecurity branch. The draft bill, from committee Chairman Michael McCaul (R-Texas), would replace the National Protection and Programs Directorate (NPPD) at DHS with the Cybersecurity and Infrastructure Security Agency. NPPD is currently responsible for the department’s cyber and physical infrastructure protection efforts. The new agency would be headed by a director who would report to the Homeland Security secretary, a post now held by John Kelly. NPPD is now headed by an undersecretary. The new agency would have a cybersecurity division led by an assistant director as well as an infrastructure security division.

Lawmakers are pushing legislation to encourage young girls to learn how to code and help close the tech industry’s gender gap. Rep. Jacky Rosen (D-Nev.) on Thursday unveiled the “Code Like a Girl Act,” which would fund programs that help young girls learn about computer science. The bill has bipartisan backing and is co-sponsored by Rep. Elise Stefanik (R-N.Y.). Rosen said it’s important to get more women participating in the STEM — science, technology, engineering and math — workforce. “Given the ever increasing importance of computer science in today’s economy, it’s critical we find ways to break down barriers and level the playing field for women everywhere,” Rosen said in a statement to The Hill.

ARTICLE SUMMARY

The Hill’s Overnight Cybersecurity newsletter recapped a report released by the Information Technology & Innovation Foundation, which outlines six recommendations for U.S. policymakers to take the lead in developing a new framework governing international law enforcement cross-border access to data.

The Hill published an opinion piece by Patrick Forrest, vice president and deputy general counsel for the National Association of Manufacturers, urging Congress to pass the International Communications Privacy Act (ICPA). Forrest explains that passing ICPA will encourage the U.S. to develop new mutual legal assistance treaties with foreign governments that ensure that requests for data don’t infringe on a nation’s sovereignty nor the privacy of its citizens.

Let’s give credit where credit is due: President Trump is responsible for bringing broadband Internet to two counties in Southside Virginia. Indirectly, anyway. He might also be responsible, again, indirectly, for extending broadband to lots of other places in rural America. At the very least, he’s at least responsible for one of the world’s tech giants focusing on the “digital divide” that has left many rural areas still on dial-up. That’s the political takeaway from Microsoft’s much-heralded proposal last week that we use unused television frequencies to deliver broadband to rural areas. Microsoft has been experimenting with this so-called “white space” technology for 14 years now, and in the past four years has run pilot programs in Africa and the Philippines that have connected about 185,000 people to high-speed Internet. Now, parts of Southside Virginia will get upgraded to the same level of technology that Botswana has, which just goes to show how far behind some rural areas in the United States are.

Foxconn, the Taiwanese electronics supplier for Apple and other tech giants, said Wednesday it would open its first major American factory in Wisconsin, a boost both for the battleground state’s economy and the Trump administration’s efforts to bolster domestic manufacturing. White House officials noted President Trump’s direct negotiations with Foxconn for the project, which they said would create at least 3,000 jobs and represent a $10 billion investment. Mr. Trump joined Foxconn’s chairman, Terry Gou, at the White House for an announcement on Wednesday, with two Wisconsin Republicans, Gov. Scott Walker and Paul D. Ryan, the House speaker, in attendance.

Politico’s Morning Cybersecurity newsletter reported that multiple civil liberties groups plan to deliver to Congress a joint petition, featuring more than 100,000 signatures, demanding Congress reform Section 702 prior to any vote to reauthorize the statute. Human Rights Watch published a blog detailing a letter it sent to the European Commission, published jointly with Amnesty International, urging the Commission to re-evaluate the EU-U.S. Privacy Shield pact due to ongoing U.S. surveillance efforts, including surveillance authorized under Section 702 and Executive Order 12333.

The Federal Communications Commission was sued today by a group that says the commission failed to comply with a public records request for communications about net neutrality between FCC officials and Internet service providers. On April 26, a nonprofit called American Oversight filed a Freedom of Information Act (FoIA) request asking the FCC for all records related to communications on net neutrality between Internet service providers and Chairman Ajit Pai or Pai’s staff. The group asked for “correspondence, e-mails, telephone call logs, calendar entries, meeting agendas,” and any other records of such communications.

The Trump administration is weighing whether to support online sales taxes that could give state governments greater flexibility in their budgets. Testifying before a Senate panel Wednesday on Capitol Hill, Treasury Secretary Steven Mnuchin said the White House “is looking very closely at this issue” and that it intends to “come out with a position shortly.” Mnuchin told members of the appropriations subcommittee that the policy could be an important way for states to fund infrastructure — an issue that President Trump has touted as a key part of his agenda with a $1 trillion spending plan. Some analysts have questioned the feasibility of that plan because it would cut federal investments in infrastructure by tens of billions of dollars. But allowing states to require companies to collect and remit taxes on online sales could help make up some of the shortfall.

America has always been a home for innovators, from Ben Franklin to Thomas Edison. Historically, their innovation has been key to job growth, rising wages and a better standard of living, and our patent system has always ensured that their investments would pay off. That’s how we created the strongest, most competitive economy in the world. It’s why, every year, the U.S. Chamber of Commerce has ranked our patent system first in the world — until this year, that is. In 2017, the U.S. Chamber of Commerce ranked our patent system 10th in the world, tying our country with Hungary. Our patent system was deemed worse than that of the United Kingdom, Switzerland, Sweden, Germany, France, Japan, Spain, Singapore and Italy. These countries, along with China, have sought to improve their patent systems to attract investment and encourage homegrown innovators.

This is already a banner year for hacks, breaches and cyberwarfare, but the past week was exceptional. South Carolina reported hackers attempted to access the state’s voter-registration system 150,000 times on Election Day last November—part of what former Homeland Security Secretary Jeh Johnson alleges is a 21-state attack perpetrated by Russia. And U.S. intelligence officials alleged that agents working for the United Arab Emirates planted false information in Qatari news outlets and social media, leading to sanctions and a rift with Qatar’s allies. Meanwhile, Lloyd’s of London declared that the takedown of a significant cloud service could lead to monetary damages on par with those of Hurricane Katrina. Threats to the real world from the cyberworld are worse than ever, and the situation continues to deteriorate.

While the White House mulls striking up a joint cyber program with Russia, an unlikely vigilante is taking care of business. As the Daily Beast reports, Microsoft has been waging a quiet war against the hacking entity known as Fancy Bear, which is believed to be associated with the GRU, Russia’s covert military intelligence agency. The Daily Beast details how, in 2016, Microsoft’s legal team sued Fancy Bear (also known by many other aliases) for reserving domain names that violated Microsoft trademarks. Apparently, in the course of claiming generic domains for its operations, Fancy Bear often selected domains that riff off of Microsoft products and services, inadvertently opening the door to the lawsuit.

The Washington Post published a piece by the newspaper’s editorial board, warning Apple and other tech companies to “tread carefully” with efforts to cooperate with the Chinese government given the country’s extensive laws on data localization and freedom of expression. The article focuses on Apple’s recently announced data center in Guizhou, and raises questions about what happens if the Chinese government, via its new data localization law, requests Apple turn over user data stored in the country. The board briefly reference that other companies, including Microsoft and Amazon, have data centers in China.

NOTABLE QUOTES

“Once introduced, the [ECPA Modernization Act] is sure to win plaudits from the likes of Google, Microsoft and other tech giants, as well as privacy hawks like the American Civil Liberties Union. Together, they have lobbied extensively — if sometimes unsuccessfully — to fix the 1986 law known as ECPA.”

“If the U.S. government wishes to preserve a crucial balance between information sharing and preserving individual liberty, it must support legislation that provides much-needed clarity regarding U.S. government access to digitally-stored data belonging to foreign nationals. Only congressional action will achieve the balance between the real and very important needs of law enforcement and securing individual privacy.”

“[Section 702] practices go against our constitutional values and leave the door wide open to surveillance abuse targeted at religious minorities, critics of the government, or political groups… over 85 percent of people believe that companies should not share personal information, like emails, with law enforcement without a warrant. Over 70 percent believe that information gathered without a warrant for national security purposes should not be used for other purposes like prosecuting domestic crimes.”

“Apple vows not to compromise its commitment to user privacy but also pledges to comply with local laws. What happens if China’s authorities demand data from the China-based iCloud? Apple says it and its local partner will comply with requests under Chinese law if they possess the data, which might include metadata of communications, photographs and emails. But two popular Apple services, iMessage and FaceTime, are end-to-end encrypted; Apple does not have the keys — the users do. Apple’s presence in China can be a force for good. But it seems likely that China’s repressive system will pose painful choices for Apple and all the big tech companies that put their data on Chinese soil.”

“Before Congress reauthorizes Section 702—and it almost certainly will—these privacy hawks will face the challenge of arguing for amendments that are simultaneously meaningful enough to claim victory, while also narrowly tailored to avoid spooking moderates who have long championed Section 702.”

“From the Commission’s side we will do what is necessary to ensure [data exchanges with the EU] can continue, obviously in accordance with the court’s opinion and with full respect to fundamental rights, in particular the right to data protection… The key thing is to recall that the exchange of information such as PNR are and remain critical for the security of our citizens.”

“There’s no way to get around the fact that US laws and policies allow abusive monitoring and need to be drastically overhauled before they can meet human rights standards… The European Commission should take a good, hard look at the realities of US surveillance and take action to make sure no one’s rights are sacrificed in the name of political or economic convenience.”

“Americans should be alarmed that the NSA is vacuuming up their emails and phone calls without a warrant. The NSA claims it has rules to protect our privacy, but it turns out those rules are weak, full of loopholes, and violated again and again.”

“This case exposed the cracks in the foundation of the current framework used by law enforcement agencies to access digital information and determine jurisdiction on the Internet. Moreover, attempts to resolve this dispute risk either hamstringing law enforcement efforts or distorting the global marketplace for digital services.”

“We have a real problem, there’s no such thing as an assurance of privacy. You have no idea what devices are out there – a cell phone recording or a third party listening… Seeking a warrant for video surveillance taken in proximity to a murder wouldn’t be considered a fishing expedition. This is no different.”

“The possibility that the US government will gather and share data about your sex life – without a warrant and without your knowledge – is a real one. For example, official policy allows the Federal Bureau of Investigation to share information with other law enforcement bodies about “[s]exual and other highly personal activities” that it gathers through surveillance under Section 702 of the Foreign Intelligence Surveillance Act – a law under which the government vacuums up potentially extremely large numbers of private communications.”

“I have long been concerned about warrantless ‘backdoor’ searches for information about Americans, particularly when the searches are conducted through communications that have been collected without individual warrants and when the amount of those communications is potentially very large.”